AcadeNice/Wiki
1
0
Fork 0
Code Issues Pull requests Releases Activity Actions
Wiki/.github/workflows/ci.yml
Corentin JOGUET 991d172f69 ops(ci): trigger CI on main pushes + disable auto deploy-staging Phase 0 
- CI runs on push to main + develop + PR (was: ignore main → never ran on main)
- Deploy staging : workflow_dispatch only (re-activer push trigger quand
  secrets STAGING_HOST/USER/SSH_KEY configures cote GitHub)

Effet : push suivant trigger un CI complet et verifie que la stack passe les
gates avant tout deploy.
2026-05-07 12:21:59 +02:00

146 lines
3.8 KiB
YAML
Raw Blame History

name: CI
on:
push:
branches: [main, develop]
pull_request:
branches: [main]
workflow_dispatch:
permissions:
contents: read
security-events: write
jobs:
lint-bridge:
name: Lint bridge (Biome)
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: 22
cache: "npm"
cache-dependency-path: bridge/package-lock.json
- run: cd bridge && npm ci
- run: cd bridge && npx biome ci .
typecheck-bridge:
name: Type-check bridge
runs-on: ubuntu-latest
needs: lint-bridge
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: 22
cache: "npm"
cache-dependency-path: bridge/package-lock.json
- run: cd bridge && npm ci
- run: cd bridge && npm run typecheck
test-bridge-unit:
name: Tests unit bridge
runs-on: ubuntu-latest
needs: typecheck-bridge
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: 22
cache: "npm"
cache-dependency-path: bridge/package-lock.json
- run: cd bridge && npm ci
- run: cd bridge && npm run test:unit -- --coverage
- uses: actions/upload-artifact@v4
with:
name: coverage-unit
path: bridge/coverage/
test-bridge-integration:
name: Tests integration bridge
runs-on: ubuntu-latest
needs: typecheck-bridge
services:
postgres:
image: postgres:16-alpine
env:
POSTGRES_USER: test
POSTGRES_PASSWORD: test
POSTGRES_DB: testdb
ports:
- 5432:5432
options: >-
--health-cmd "pg_isready -U test"
--health-interval 5s
--health-timeout 3s
--health-retries 10
redis:
image: redis:7-alpine
ports:
- 6379:6379
options: >-
--health-cmd "redis-cli ping"
--health-interval 5s
--health-timeout 3s
--health-retries 10
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: 22
cache: "npm"
cache-dependency-path: bridge/package-lock.json
- run: cd bridge && npm ci
- run: cd bridge && npm run test:integration
env:
DATABASE_URL: postgresql://test:test@localhost:5432/testdb
REDIS_URL: redis://localhost:6379
security-scan:
name: Security scan
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Secret scanning (TruffleHog)
uses: trufflesecurity/trufflehog@main
with:
path: ./
extra_args: --only-verified
- name: SAST (Semgrep)
uses: semgrep/semgrep-action@v1
with:
config: >-
p/javascript
p/typescript
p/security-audit
p/secrets
continue-on-error: true
- name: Dep audit (npm audit)
run: cd bridge && npm audit --audit-level=high
continue-on-error: false
docker-build:
name: Docker build + healthcheck
runs-on: ubuntu-latest
needs: [test-bridge-unit, test-bridge-integration, security-scan]
steps:
- uses: actions/checkout@v4
- name: Build images
run: docker compose build
- name: Up stack
run: |
cp .env.example .env
docker compose up -d
- name: Wait for services
run: sleep 30
- name: Healthcheck
run: ./scripts/healthcheck.sh
- name: Logs on failure
if: failure()
run: docker compose logs
- name: Cleanup
if: always()
run: docker compose down -v
Reference in a new issue View git blame Copy permalink